[Openswan Users] Should be a simple routing question
Paul Wouters
paul at xelerance.com
Tue Aug 22 14:47:48 EDT 2006
On Tue, 22 Aug 2006, Andy Gay wrote:
> > Left 10.15.1.0/24 <------> Right 10.0.0.0/8.
> > Site B                     Site A
> >
> > The tunnel works great - both sides see each other just fine, thanks to
> > lots of help from people in this list.
> >
> > Here's the issue. When I traceroute from the siteB router at 10.15.1.1
> > to anything else in SiteB, it tries to route via SiteA! Very strange
> > indeed!
> >
> > Well, it kind of makes sense because my tunnel definition evidently told
> > it to behave this way. I was wondering if there is a way to make the
> > local route happen before the tunnel route?
>
> I don't think this is a routing issue, it's to do with IPsec policy.
> Your policy says anything with source address 10.15.1.0/24 and
> destination 10.0.0.0/8 should be sent through the tunnel.
>
> Try doing this on the siteB router:
>
> ip xfrm policy add dir in src 10.15.1.0/24 dst 10.15.1.0/24
> ip xfrm policy add dir out src 10.15.1.0/24 dst 10.15.1.0/24
>
> That will add some more specific policies for local traffic.
>
> I believe there's a way to do that using a passthrough conn as well, I'm
> not certain about the syntax for that.

try:

conn pass-localstuff
	left=10.15.1.1
	right=0.0.0.0
	rightsubnet=10.15.1.0/24
	auto=route
	authby=never
	type=passthrough

Paul
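
The overlap discussed in this thread (a local subnet that sits inside the tunnel's remote selector) can be checked offline before a config is deployed. The following is an added example, not code from the posts or from Openswan; the function name is hypothetical, and it assumes a simplified model in which a bypass/passthrough policy that matches a packet is preferred over the tunnel policy.

```python
from ipaddress import ip_network


def captured_local_destinations(source, local, remote, bypass=()):
    """Return the parts of `local` that traffic from `source` would be sent
    to through the tunnel policy (src=local, dst=remote) instead of directly.

    Simplified model (assumption): a bypass/passthrough policy that matches
    a packet is preferred over the tunnel policy, as the thread describes.
    `bypass` is a sequence of (src, dst) selector pairs.
    """
    source, local, remote = (ip_network(n) for n in (source, local, remote))
    # The tunnel policy only applies to sources inside its src selector,
    # and only captures local destinations if the two subnets overlap.
    if not source.subnet_of(local) or not local.overlaps(remote):
        return []
    # CIDR blocks are either disjoint or nested, so the overlap is the smaller one.
    remaining = [local if local.subnet_of(remote) else remote]
    for b_src, b_dst in bypass:
        b_src, b_dst = ip_network(b_src), ip_network(b_dst)
        if not source.subnet_of(b_src):
            continue  # this bypass selector does not cover the source
        still = []
        for net in remaining:
            if net.subnet_of(b_dst):
                continue  # fully exempted by the bypass policy
            if b_dst.subnet_of(net):
                still.extend(net.address_exclude(b_dst))  # partly exempted
            else:
                still.append(net)
        remaining = still
    return sorted(remaining)


if __name__ == "__main__":
    # Selectors taken from the thread; the router is 10.15.1.1 at Site B.
    router, site_b, site_a = "10.15.1.1/32", "10.15.1.0/24", "10.0.0.0/8"
    print("no bypass:       ", captured_local_destinations(router, site_b, site_a))
    print("xfrm-style bypass:", captured_local_destinations(
        router, site_b, site_a, [("10.15.1.0/24", "10.15.1.0/24")]))
    print("passthrough conn: ", captured_local_destinations(
        router, site_b, site_a, [("10.15.1.1/32", "10.15.1.0/24")]))
```

An empty list means no local destination is left matching the tunnel selector for that source.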